Ubuntu Security Notice 1249-1 - It was discovered that BackupPC did not properly sanitize its input when processing backup browser error messages, resulting in a cross-site scripting (XSS) vulnerability. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. This issue did not affect Ubuntu 11.10. Jamie Strandboge discovered that BackupPC did not properly sanitize its input when processing log file viewer error messages, resulting in cross-site scripting (XSS) vulnerabilities.
063eb8c6038da815c5d6dad43a7a7e358f343c718e57b60617c8012eaf8fd1ebZero Day Initiative Advisory 11-316 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime processes the matrix structures in the 'tkhd' atom for mp4 files. When the matrix structure contains large values a movs instruction can turn the value negative. When Quicktime later uses the function to determine where it should write its data it does check the upper boundaries, but not the lower ones causing a heap buffer underwrite. This can result in remote code execution under the context of the current user.
74594dbdae073622048f6651ace5317e0546240bb0f13a6f484ff95a939e5d92Zero Day Initiative Advisory 11-315 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime decodes flic file. Flic files can contain FLC Delta Decompression block containing Run Length Encoded data. Quicktime fails to correctly checking the decompression size when decoding the RLE data. This allows for a 4 byte overwrite past the end of the buffer which could result into remote code execution under the context of the current user.
3802dfdf1cf93a729f1ba11e5918aa1b86a4e1476352c4beae0112361698747eZero Day Initiative Advisory 11-314 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a specific opcode within a PCT file. When resizing a heap buffer, the application will use a signed word read from the file to calculate the resulting size. This can be used to force the target buffer to be of an undersized length. Usage of this buffer will result in a buffer overflow in the context of the application.
cc09b6342d4553ebc78dcd6858afd62878e46f1f87c465f70b1ae1679eb9abfeZero Day Initiative Advisory 11-313 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime decodes flic file. Flic files can contain FLC Delta Decompression block containing Run Length Encoded data. When Quicktime tries to decompress this data it reads a user supplied RLE Packet count field from the file and uses that as loop counter. A high value for this field will cause Quicktime to write outside previously allocated memory which could result into remote code execution.
45489e6bcd5489bd68ed6bfde99280dedd3b41ee95eb68978163dd7dddbf7411Xorg versions 1.11.2 and below suffer from a permission change vulnerability that allows a local user the ability to set an arbitrary file to 444.
9f6009b727030f6089ce212fb9833092feb2cd7c92c9d65e65e274472ecb43ceZero Day Initiative Advisory 11-312 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses the atom hierarchy within a QuickTime movie file. In a certain situation the application will pass execution to another function for handling the atom, however, will pass the incorrect number of arguments. Due to this, a variable will be treated as a pointer. This can lead to code execution under the context of the application.
cb365aed44c81961888502d4e300903ac4ba55d40337e597ccdb589e14a421f0Zero Day Initiative Advisory 11-311 - This vulnerability allows remote attackers to potentially disclose memory addresses on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how QuickTime.qts parses a data handler in specific atom within a .mov file. The application will utilize a string length to copy data into an heap buffer, if the string is of zero-length, the application will fail to copy anything and then proceed to use the uninitialized buffer as a string.
4682f8dd91fca2078cf6708e8f7ebb6201141a50fc68df2e53c92a85f3d4035aOpenCart version 1.5.1.1 suffers from a CRLF injection / HTTP response splitting vulnerability.
834045fa71657a4a86151bdf755c6d75625809e43314f881488714917eb293e0Facebook.com suffers from a bypass vulnerability where an executable can be attached to a message if a spaced is added to the name.
d50f0c387bdb7f361f67403ec07249d408f5a19eed5358e240b208741277268fDebian Linux Security Advisory 2329-1 - Bartlomiej Balcerek discovered several buffer overflows in torque server, a PBS-derived batch processing server. This allows an attacker to crash the service or execute arbitrary code with privileges of the server via crafted job or host names.
5f42437f7d36f6cd8bdb547930c295a44714e4c3fb860357704edd6e75e86fbfThe Toshiba eStudio multifunction printer suffers from an information leakage vulnerability as passwords can be extracted in plaintext from the html source code of various configuration pages.
5734383d4ee705db601bc8d3d5e3c2dd43c7d59704ae77a50bf1ce5366dd57bcThe default deployment of Cisco Unified Contact Center Express (UCCX) system is configured with multiple listening services. The web service that is listening on TCP port 9080, or on TCP port 8080 in versions prior to 8.0(x), serves a directory which is configured in a way that allows for a remote unauthenticated attacker to retrieve arbitrary files from the UCCX root filesystem through a directory traversal attack. It is possible for an attacker to use this vector to gain console access to the vulnerable node as the 'ccxcluster' user, and subsequently escalate privileges.
4f61867467d9f947166505f70c2306db6ef9f3380f5efdf8445bb8695e519d32This Metasploit module exploits a stack-based buffer overflow in GTA SA-MP Server. This buffer overflow occurs when the application attempts to open a malformed server.cfg file. To exploit this vulnerability, an attacker must send the victim a server.cfg file and have them run samp-server.exe.
6516b83685589a1ead2d78e1fafcac820b7f9e19416217a6dda64bcf91cceef6The SANS AppSec Summit Call For Papers has been announced. This event will take place in Las Vegas, Nevada from April 30th through May 1st, 2012.
f85366a74c6a05d10f5286c3687ce6acd52adea9f9b93742ae371c8b746fc1e7This Metasploit module exploits an arbitrary PHP code execution flaw in the phpScheduleIt software. This vulnerability is only exploitable when the magic_quotes_gpc PHP option is 'off'. Authentication is not required to exploit the bug. Version 1.2.10 and earlier of phpScheduleIt are affected.
5d5d2dee3205b21a8812ad1ba723eaf15edbd136751c83c17084738dd1505d2aeFront versions 3.6.10 build 11944 and below suffer from code execution, authentication bypass, shell upload, and remote SQL injection vulnerabilities.
a2df7a32a7dd4ae0a9bc4dbd2e2499dc496f68c261d43e949234ee9dc33f4c05OWASP Mantra is a collection of free and open source tools integrated into a web browser, which can become handy for students, penetration testers, web application developers,security professionals etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software. This is the platform independent release.
7ab4f46f7750e54e54d0f6721053ab9635778e313da8e2369ad9bfd717a28242Secunia Security Advisory - SUSE has issued an update for cyrus-imapd. This fixes two vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).
ecdc38a1858cfc80ebd0fd2d88975201a6eabffa4d1e52e06056ea632e598099Secunia Security Advisory - A vulnerability has been reported in the Presta2PhpList module for PrestaShop, which can be exploited by malicious people to conduct SQL injection attacks.
77f4b16edfaa37a9ede9dc3edde8ad4a5e6a509ccfb5b73a2b8e184c859703d8Secunia Security Advisory - A vulnerability has been discovered in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
7215d9d5d7593fcc5bf61a6e25712d3007f4b0347d4ff60d6a0d33e9d53892a0Secunia Security Advisory - Red Hat has issued an update for freetype. This fixes some vulnerabilities, which can be exploited by malicious people to compromise an application using the library.
1be98bb677f07793f9ed3b84888b8455beadff4d4665644c71dc142b4c0d43d2Secunia Security Advisory - A vulnerability has been reported in IBM WebSphere ILOG Rule Team Server, which can be exploited by malicious people to conduct cross-site scripting attacks.
9761657bbf78b64616e008ceeceeb7473ac5d94c05facbac8c07bb1667ca93cdSecunia Security Advisory - Gentoo has issued an update for mod_authnz_external. This fixes a vulnerability, which can be exploited by malicious people to conduct SQL injection attacks.
0bb4ab755cda9dc64d36b35551b7c12c78bcc47295700ff717e7b6bc6714819aSecunia Security Advisory - Ubuntu has issued an update for kde4libs. This fixes a vulnerability, which can be exploited by malicious people to conduct spoofing attacks.
2e9fef9bece728d9279d0097f42e7ca3e1b5e78bfbf4297c80d46a5de43067fe
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed